Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Summary

Acunetix 360 identified the Oracle WebLogic Remote Code Execution (CVE-2020-14882) in the target web server.

Impact

The vulnerability allows attackers to execute arbitrary Java code on the target system. The attacker may also be able to execute arbitrary system commands.

Exploit of the vulnerability is known widely and should be addressed as soon as possible.

Remediation

In order to patch this vulnerability, please install the official patch Oracle made available for supported, vulnerable instances.

Severity

Critical

Classification

PCI v3.2-6.5.1 CAPEC-242 CWE-94 HIPAA-164.306(a) 164.308(a) ISO27001-A.14.2.5 OWASP 2013-A1 OWASP 2017-A1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H